On the Number of Information Symbols 
in Difference-Set Cyclic Codes 

By R. L. GRAHAM and JESSIE MAC WILLIAMS 

(Manuscript received April 28, 1966) 

The concept of a difference-set cyclic code has been described previously. 
It was shown that such a code is almost as powerful as a Bose-Chaudhuri 
code and considerably simpler to implement. It is the purpose of this paper 
to determine some of the more important properties of this code and its dual 
code (cf. Sec. IV). It may be pointed out that the problems we consider are 
equivalent to determining certain properties of incidence matrices associ- 
ated with a class of balanced incomplete block designs formed from simple 
difference sets. 

I. INTRODUCTION 

The concept of a difference-set cyclic code has been described by E. 
J. Weldon, Jr. in the preceding paper. 1 In Ref. 1 it is shown that such a 
code is almost as powerful as a Bose-Chaudhuri code and considerably 
simpler to implement. It is the purpose of this paper to determine some 
of the more important properties of this code and its dual code (cf. Sec. 
IV). It may be pointed out that the problems we consider are equivalent 
to determining certain properties of incidence matrices of Desarguesian 
planes. 

II. SIMPLE DIFFERENCE SETS AND ASSOCIATED CYCLIC CODES 

A simple difference set S is a collection of I integers [di , ■ ■ ■ ,d t \ 
modulo n such that every o^O (mod n) can be uniquely expressed in 
the form 

d { — dj = a (mod n), 

for some d, , dj in S. Of course, n = 1(1 - 1) + 1. If 0(.r) (the differ- 
ence-set polynomial ) is defined by 

e( x ) = £ ** , 
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then it follows that 

0(x)e(x- 1 ) = l + £ *' (mod(a: n - 1)). 

This may be written 

6(x)d(x- i ) = (/ - 1) + (x n - l)/(x - 1) (mod(.r" - 1)). 

Changing to arithmetic over the finite field GF(p), where p is a prime 
that divides I — 1, we have 

(x - l)6(x)d(x~ l ) = (mod Or" - 1)). 

This means that d(x) has a nontrivial highest common factor h(x) in 
common with x n — 1 over GF(p). 

Let R be the ring of polynomials modulo x n — 1 over GF(p). The 
ideal R-6(x) is the same ideal as R-h(x) and is a proper ideal in R, and, 
in fact a cyclic code (see Ref. 5, Section 8.1). The dimension of this 
code is (n — deg h(x)). 

The only known simple difference sets are obtained by a construction 
due to Singer. 2 For this construction, n must be of the form p 2a + p" + 1. 
Hence, I — 1 = p 3 , which determines the finite field one must use. For 
p = 2 and 1 ^ s ^ 5, the dimension of R-B(x) was found by E. J. 
Weldon, Jr. to be 3* + 1. In this paper it is shown that in general the 

dimension of R-d(x) is y 2 ) + *■ 

III. AN EQUIVALENT PROBLEM 

Let n = p 2s + p" + 1, r = p" - 1. {di , d 2 , • ■ ■ , di} is a Singer dif- 
ference set modulo n, and 6(x) the difference-set polynomial. In this sec- 
tion all arithmetic will be in GF(p) (addition and multiplication mod p) 
unless otherwise specified. 

The degree of h(x) is the number of zeros of x" — 1 which are also 
zeros of 8(x). Hence, the following odd -sounding theorem is relevant. 

Theorem 1: The number of nth roots of unity (over GF(p)) which are not 
zeros of 9(x) is the number of integers t, 1 ^ t £ n, such that for some 

j, 1 ^ j ^ t — 1, the binomial coefficient ( ■ j is not zero (mod p). 

* This roundabout approach is usual in coding theory. Appendix B contains a 
direct proof that the dimension of R-0(x) is the number of zeros of x" - 1 which 
are not zeros of 6{x). 
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The purpose of this section is to prove Theorem 1 . Several preliminary 
steps are needed. 

Let v be a primitive nrth root of unity over GF(p);co = v" is a primi- 
tive rth root of unity, f = / is a primitive nth root of unity. The first 
n powers of f are the zeros of .r" — 1 ; the degree of the highest common 
factor of 0(x) and x" — 1 is the number of integers / ^ n for which 
0(f') = 0. 

The powers of co generate GF(p*), and, since nr = p 3s — 1, the powers 
of v generate GF{p"). Since GF(p 3s ) Z) GF{p s ), any linear combination 
/!.-.,• «V is again a power of v. 

To construct a Singer difference set modulo n, one picks two arbitrary 
distinct integers d\ , d 2 (less than n), forms all linear combinations 
up ' + co'v 2 = v , and replaces v by w f v ! (df ^ n) by using p" = to 
(cf., Ref. 2). The distinct exponents of v which are obtained in this way 
form a Singer difference set.* Since ^(wV 1 + «V") = w* /+ V / , each 
exponent d/ will be produced r times; we can get each one exactly once 
by using the equations 



v ■+■ v * = (a""v 



<i ."i,. a a 



UV -p J* =0)1', 

(1) 



r — l </i , d« hi di 

co v -f- v - = CO V , 

where 

/ = // + 1 = /• + 2. 
Lemma 1: f /.s a zero o/ 0(.r) i/ and only if 



g(J)«*^fa 



Proof: Raising (1 ) to the power /r gives the set of equations 



* An example is given in the appendix. 
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Thus, 

0(r ( > - £<*')* = o 

if and only if 

W + W + ^iuV* + / 2 )' r = o. 

i=n 

This may be rewritten as 

(r + 1 )(/ l )' r + (r + D(/ 2 )' r + £ Z (I'V V * ' 

i=0 A = l V / 

where 

<Th = dih + d 2 (tr - h). 
Since r + 1 = V the nrst tw0 terms are zero 5 tne remainder is 

§(»>"2 (wY - 

Now, 

r-i (0 if h ?* mod r. 

E <«')' - .. , ■ 

j=o [)• if /i = jr. 

In particular (for t = 1) f is a zero of 6 (x). Since 

r = -1 mod p, / = f, and cr ir = (di - d*)jr + *r d 2 , 
the expression for 0(f') becomes 

_ trd 2 sp /tr\ j(,dl-d a ) 

M \3>-J 
which proves the lemma. 
Lemma 2: 

y* f *" V (di ~ d2)j = o 
H W 

(f anr/ on/?/ if 

( *J = (mod V ) for j = 1, ■■■ ,t- 1. 
Proof: The difference set {&,&,*••, di} may be obtained by picking 
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any two distinct di , dj contained in it, and applying the construction 
previously described to v *, v '. By the definition of a difference set we 
may choose d, — dj to be any number 1,2, • • • , n — 1. Thus, 0({ ) = 
implies 



sft>- 



= for u = 1,2, ••• , n — 1, 
and the equation 



E (■> = <> 



;=i V 

will have (n — 1) nonzero roots. Since £ ^ n this is impossible unless 
all the coefficients are zero. This proves the lemma. 

The experimental evidence (for p = 2, 1 ^ s ^ 5) showed that the 
number of f ( which are noi zeros of 6{x) is 3* + 1. We guess (it turns 
out correctly) that "+1" corresponds to t = n, — f n is not a zero of 
8(x), since 6(1) = 1 (mod p) — , and that it will be simpler to count bi- 
nominal coefficients which are not divisible by p. The information con- 
tained in Lemmas 1 and 2 is rephrased in the form of Theorem 1. 

The following corollary is immediate. 

Corollary 1: The degree of the highest common factor (over GF(p)) of 
8(x) and x" — 1 is the same for every Singer difference set. 

IV. A THEOREM ON BINOMIAL COEFFICIENTS 

In this section, we change to ordinary arithmetic (instead of mod p) 
and count the number of integers t which satisfy the conditions of Theo- 
rem 1. In particular, our goal is to establish 

Theorem 2: The number of t, 1 ^ t ^ p 18 + p", for which 

fy ^ (mod p) (2) 

for r = p" — 1 and some j, 1 ^ j < t, is just ( J . 

The proof of this result will depend upon several lemmas. We first need 
some notation. Let P P (u) denote the greatest power of p which divides u. 
If u is written to the base p, i.e., 

h 

u = ^ U/p', ^ iii < p, 
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for some h, then D(u) will denote the sum of the "digits" of u, i.e., 

D{U) = !>;. 

As usual, we let [u] represent the greatest integer not exceeding u. 
Lemma 3: 

'u + v 



P= (mod p ) 

if and only if 

Uj + Vj ^ p - 1, j = 0, 1, 2, 
Proof: It is well known that 



P p (m\) = 



5 6] 



(the upper limit oo is convenient, but not necessary). Since 



PM U + 9 )) = Q 
u 



-']-£&] + 5 &]■ 



we have 

if and only if 

00 r i 
V u X 

But it is always true that 

[x + y] ^ [.r] + [y] , 
so that (3) holds if and only if 

Noting that, in general, [x/p % ] is just one of the "digits" in the repre- 
sentation of x to the base p, we see that (4) is exactly the condition that, 



* We should more accurately denote this by D p {u) but since p is fixed in this 
argument, no confusion will arise. 
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for each j, the jth digit in the representation of u + v to the base p is 
just the sum of thejth digits of u and v. Hence, (4) holds if and only if 

Uj + Vj f £ p - 1, j = 0, 1, 2, ••■ , 

and the lemma is proved. 
We note as a 

Corollary: 

D{u + t>) ^ D{u) 4- D{v) 

with equality if and only if 

UJ + Ui £p- 1, ./ = 0, 1,2, ••• . 
We recall that the numbers of particular interest are 

u = jr, v = tr - jr, 
where 

8 — 1 

r = p" — 1 = Z M'p' (where w = p — 1). 

1=0 

Lemma 4-' 

l)(tr) = sw for I ^ t ^ r. 

Proof: Set 

«— i 

t = Z a «p" + a ° ' 

1=1 

where we may take a ^ 0, since D(p'u) = D(u). Now, 

a — 1 

flor = (flo - 1 >P* + 2 wp 1 + (p - flo). 

i=i 

Consequently, 

«-i 

tr = (p* — 1) Z a <P' + a °'" 
i=i 

= 2 «.P ,+ * - £ (HP* + ( «o - Dp s + E wp { + (p - a ) 

v=i i=i f=i 

= Z «.P' +S + C* - Dp' + Z <» - «>V + (p - ao). 

i-i i=i 
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Thus, 

s-1 s-1 

DO) -Y.Oi+ (a - 1) + (a - l)io - j a, + (p - a ) 

t=i t=i 

= sw for 1 ^ t ^ 7- = p" — 1, 

which proves the lemma. 

Note that if 1 < t < n, there is a 1 to 1 correspondence between / 
such that D (tr) = u and t such that D (tr) = Ssw — n. For 

< (p 3s - 1) - tr = (n - t)r 

and clearly 

D((n - t)r) = 'Ssw - D(tr). 

Lemma 6: 

sw ^ D(tr) ^ 2sw, for 1 ^ t < n. 

Proof: We show that D(tr) ^ 2sw; the other inequality is then immedi- 
ate by the preceding remark. 
Since t ^ p 2 " -\- p" we have either 

8—1 

t = p 4- 2* <kP 
or 



8-1 8-1 

i'=0 1=0 



t = p s E &,p + E a,p*'. 



In either case, let fo denote the first summand and t 2 denote the second 
summand (so that t — t\ + fe). 
By Lemma 4 

D(hr) = D(fer) = sw. 

Hence, 

Z)(*r) = D(/,r + far) ^ D(*ir) 4- D(fer) - 2su< 

and the lemma is proved. 

We recall now that in Theorem 2 we are considering integers t which 
satisfy (2). By Lemma 3, this is equivalent to finding j and t, with 
1 ^ j < t < n, such that 

D(fr) =D(fr) +D«t -j)r). 
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But Lemma 5 implies 

2sw ^ D(tr) = D(jr) + D((t - j)r) ^ sw + sw = 2sw. 

Hence, we must have 

D(tr) = 2sw, D(jr) = D((t - i)r) = sw. 

On the other hand, suppose for some u, 1 £ u < n, we have 

D(i«r) = 2sw. 

Let /i denote P p (u) and set m = p « . As in Lemma 5, set 

/ ii 

U = Id + Uo , 

where n* ^ r and D(u-> r) = sw. Since 

D(u'r) = Z)(wr) = 2sw 
then we must have D{u\r) = sw. Thus for j = pW, 



ft) - ° 

We can summarize this discussion in 



(mod p). 



Lemma 6: The number of t which satisfy {2) is exactly the number of t for 
which 

D(tr) = 2sw. 

By a previous remark, this is just the number of / such that 

D(tr) = sw. 

This problem is equivalent to finding the number of u, 1 ^ u < p " — 1, 
such that 

D(u) = sio and u = (mod r). (5) 

We state the result in 

Lemma 7: The number of integers u which satisfy (5) is I _ I . 
Proof: Write u in the form 

S-l 8—1 8—1 

u = ^ a { p l + p 8 Yl u >P l + V~' H °iV 

/-ii ,=o ;=o 

= A + p'B + p l8 C, 
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where 

^ A,B, C ^ r = v ~ 1- 
Then 

M = A + £ + C+(p'- 1)B + (p 2s - l)C 
and so we have 

u = (mod ?•) 
if and only if 

A + B + C = (mod r). 
Since ?j > 0, then by Lemma 5, 

D(A + B + C) ^ sw. 
But 

D(A + B + C) ^ D(A) + Z)(B) + D(C) = D(u) = no 
by the corollary to Lemma 3. Hence, we must have 

D(A + B + C) = sw = D(A) + D(B) + D(C). 
This implies that 

a, + &.■ + c< ^ w, i = 0, 1, ■ ■ • , s - 1, 
and consequently 

A + B + C g r. 
However, the requirement that r divides u implies 
A +B + C = r, 
so the only possibility left is 

a, + bi -\- d = w, i = 0, 1, • • • , s — 1. 
Since the number of ways (cf. Ref. 4, 6.6) of obtaining w as the ordered 

sum of three nonnegative integers is f 9 J = ( „ J then the 

total number of choices for A, B, and C (and hence for u) is just 

P ~T ) . This completes the proof of Lemma 7. 

By combining the preceding lemmas, Theorem 2 is proved. 
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V. CODING THEORY 



It has been shown 1 that the minimum distance of the dual code of the 
cyclic code R-d(x) is at least p" + 2. It is now easy to show that the 
minimum distance of R-d(x) itself is p l + 1. 

Since R-d(x) contains 6 (x), p° + 1 is an upper bound for its minimum 
distance; it suffices to show that it is also a lower bound. 

By Theorems 1 and 2, f' is a zero of 0(z) if D(tr) = sw (this is, of 
course, only a sufficient condition). By Lemma 4, the p" — 1 numbers 
t = 1, 2, • • • , p' — 1 have the property that D(tr) = sw; clearly t = p" 
also has this property. Thus there are at least p* consecutive powers of 
f which are zeros of 0(.r). By the usual proof of the Bose-Chaudhuri 
bound (See Ref. 5, Section 9.1) the minimum distance of R-8(x) is at 
least p* + 1. 

Theorem 2' is a summary of known results about difference-set cyclic 
codes. 

Theorem 2 : Let di,dt, ■ ■ • , d\ be a Singer difference-set modulo n, 
where n = p~ 8 + p" + 1. Set 

d(x) = 2 **• 
1=1 

Let R be the ring of polynomials modulo x" — 1 over GF(p). Then R-8(x) 

is j, cyclic code of dimension}. J + 1, and minimum distance 

p s + 1. 

It has been shown that for every Singer difference-set modulo n, 
there exists a set of integers t such that f is a zero of the difference-set 
polynomial. The set of such t is the same for every difference set, but 
this of course does not mean that every 6(x) has the same zeros in com- 
mon with x" — 1. The difference set is constructed by means of a primi- 
tive nrth root of unity v; v determines the choice of f, and a different 
choice may or may not lead to a different set of zeros for 8(x). 

APPENDIX A 

Example 

Take p = 2, s = 2, n = 2 l + 2 2 + 1 = 21, nr = 2 6 - 1 - 63. The 
polynomial x h + x + 1 is an irreducible factor of x n + 1 over GF(2) 

* The proof applies although R0(x) is not necessarily a BCH code. 
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[see Ref. 6, p. 309, polynomial /io]. In this case, co is a cube root of unity 
and the above polynomial factors over GF(£) into 

(.r 3 + .r 2 + u*x + a) (x 3 + x 2 + ux + a 2 ). 

We take a zero of the first polynomial for v, and for purposes of calcula- 
tion it is convenient to express it as 



1 


1 0~| 


'1 
to 


1 


CO 


0_ 



It is readily checked that the characteristic equation of this matrix is 
x* + x 2 + ux + to. A table of the relevant powers of v follows. 



1 


1 0~| 


CO 


1 


w 


0_ 



CO 


1 


ll 


1 


CO 





CO 


CO 


0_ 



3 

V — 



CO CO CO 








1 





6 

V = 


co" 


1 


1 




CO 





1 




CO 





1 


V = 


CO 


CO 


1 







CO 






14 
V = 



CO" 1 1 

1 CO 

CO CO 1 

CO CO co" 

1 



Take d\ = 3, <1 2 = 6. 



6 
V = 



CO CO 1 

CO 

1 2 

1 CO CO 
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1 CO CO 

CO CO" 

co" co" CO 
CO CO co" 



■> 3 i fi 

1>S V -\~ V = 



CO CO 











10G9 



Hence, 3, 6, 7, 12, 14 is a difference-set modulo 21. In this case, r = 
2 2 - 1 = 3, and the appropriate values of t are 5, 10, 20, 19, 17, 13; 
9, 18, 15. (tr = 15, 30, 60 etc.) It is readily checked that each tr has a 
digit sum (to base 2) of 2s = 4. 



APPENDIX B 



Let 6 (x) = a + dix + • ■ • + a n _i.i-" _l . The ideal R-d(.v) consists 
of all linear combinations over GF(p) of the n polynomials .v'0(x) 
(mod (x" — 1)), i = 0, 1, • • • , n — 1. Its dimension is therefore the 
rank over GF (p) of the matrix 



A = 



flo 



cii a 2 



a„-i cio a\ 



a n -\ 



fln-i 



a i 



a 2 a 3 



"o 



Let ai , a-i , • ■ • , a„ be the n zeros of .r" — 1 over GF(p); they are all 
distinct since p does not divide ?i. Let A be the matrix 



A = 



1 



1 



«i 



«i 



n-l n— 1 
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Then 

det A = II (<*i ~ «/) ^ 0» 

i<ign 

and the rank of A is the same as the rank of A A. Now, 
(0(«i) OM ••■ 0(a„) 



AA = 



otid(ai) aid{ai) 



a„8(a n ) 



oti" 6(ai) ao" Oyfito] 



a n " ^(a,,)) 



Suppose the a, are arranged so that 0(a,) ?* 0, i = 1, • • • , t, and 0(a,-) =0 
i = i + 1, ■ • • , n. The last n — t columns of A A contain only zeros, 
so that the rank of AA is ^ t. The t by t matrix in the upper left hand 
corner of A A is 



0(<xi) 0(a 2 ) 

aid(ai) ctidial) 



d(a t ) 
a t e(a t ) 



«i 0(ai) «2 0(02) 

and the determinant of this is 



atO(a t ) 



0(«i) -e(a 2 ) ■ ■ ■ 9{a t ) II (<*i ~ aj) * 0. 
Thus, the rank of A A (hence, the dimension of R- 6(x) ) is exactly t. 
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